> I want to do a pretty simple thing (I think): I have two computers A
> and B. I want A to connect to B, where both A verifies that it
> connected to B and B verifies that it was connected from A. The
> connection should be encrypted.

FWIW, my Foolscap project (http://foolscap.lothar.com/trac) may give you what
you're looking for. It's a capability-secure descendant of Perspective
Broker, giving you a secure connection from one object in one process to a
remote one. Everything works in terms of remote method invocations, basically
'deferred = rref.callRemote("methodname", args)'.

The capability-based security model means that the remote object is
represented by a secret string (called a "FURL") that contains both the
fingerprint of the target process' SSL key and a shared secret identifying
the particular object within that process. Both are checked, so once you pass
a FURL to your local Foolscap code, you can be sure that the resulting
connection is to exactly the object intended by whoever generated the FURL.

There is no checking of the client side (the "B verifies that it was
connected from A" portion of your sentence). That goal is accomplished by
limiting distribution of the FURL. The only way to connect to B is to know
B's FURL, so if you don't give the FURL to anyone but A, then nobody but A
(or someone they give it to) can connect to B. Easy.

We're using Foolscap in the allmydata.org "Tahoe" distributed filesystem, and
the basic security primitives that it provides have made a lot of the
higher-level design much, much easier.

cheers,
-Brian

(BTW, Foolscap's current version is 0.2.4; I've made several small releases
in the past few months and neglected to announce them here. oops.)
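
The two checks described in the reply above, as an added example that is not part of the original message and is not Foolscap's code: the client pins the server by the key fingerprint carried in the FURL, and the server admits a client only if it presents the object's secret. The `pb://fingerprint@host:port/secret` layout, the SHA-256 fingerprint, and all function names are assumptions for this simplified model; the certificates are constructed byte strings.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

def fingerprint(cert_der: bytes) -> str:
    # Assumption: SHA-256 hex stands in for whatever key fingerprint the real library uses.
    return hashlib.sha256(cert_der).hexdigest()

def make_furl(cert_der, host, port, registry, obj):
    """Server side: mint an unguessable secret for obj and return its FURL."""
    secret = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    registry[secret] = obj
    return f"pb://{fingerprint(cert_der)}@{host}:{port}/{secret}"

def parse_furl(furl):
    parts = urlsplit(furl)
    secret = parts.path.lstrip("/")
    if parts.scheme != "pb" or not parts.username or not secret:
        raise ValueError("malformed FURL")
    return parts.username, parts.hostname, parts.port, secret

def client_accepts_server(furl, presented_cert_der):
    """Client side: the peer's certificate must match the fingerprint in the FURL."""
    expected = parse_furl(furl)[0]
    return hmac.compare_digest(expected, fingerprint(presented_cert_der))

def server_lookup(registry, presented_secret):
    """Server side: knowing the secret is the client's only credential."""
    found = None
    for known, obj in registry.items():
        if hmac.compare_digest(known.encode(), presented_secret.encode()):
            found = obj
    return found

def demo():
    cert_b, cert_evil = b"constructed cert of B", b"constructed cert of impostor"
    registry = {}
    furl = make_furl(cert_b, "b.example", 12345, registry, "B's object")
    secret = parse_furl(furl)[3]
    return {
        "real_b": client_accepts_server(furl, cert_b),
        "impostor": client_accepts_server(furl, cert_evil),
        "holder": server_lookup(registry, secret),
        "guesser": server_lookup(registry, secrets.token_urlsafe(32)),
    }

if __name__ == "__main__":
    print(demo())
```

Because the secret is the only client credential in this model, the FURL has to be handled like a password: anyone who obtains a copy gets the same access as A, and access can only be withdrawn by retiring that secret on B.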